Spring Authorization Server has come a long way since 1.0 was officially released in November 2022. Starting as a project separate from Spring Security, has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers.

It has reached that point of maturity and stability and we believe the time is now to move it to Spring Security 7.0.

The main benefit this will provide our users is a streamlined developer experience. Whether you are working with OAuth2 Client or OAuth2 Authorization Server, you won’t need to switch…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 2.0.0-M2, 1.5.2 and 1.4.5.

See the 2.0.0-M2, 1.5.2 and 1.4.5 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues

On behalf of the team and everyone who has contributed, it is my pleasure to announce the milestone release of Spring Authorization Server 2.0.0-M1.

See the 2.0.0-M1 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues

On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.1, 1.4.4 and 1.3.7.

See the 1.5.1, 1.4.4 and 1.3.7 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | Project Board

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.5.

The 1.5 release contains a few noteworthy new features:

• Add support for OAuth 2.0 Pushed Authorization Requests (PAR) (gh-1925)
• Support OAuth 2.0 Demonstrating Proof of Possession (DPoP) (gh-1813)
• Support POST for authorization code request flow (gh-1874)

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | …

On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-RC1, 1.4.3 and 1.3.6.

See the 1.5.0-RC1, 1.4.3 and 1.3.6 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | Project Board

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, and 6.4.5 are available now which fix CVE-2025-22234.

Please refer to the releases page for more details.

Commercial customers using Spring Boot 2.7, 3.0, 3.1, or 3.2 will be able to update to Spring Boot 2.7.24.2, 3.0.19.2, 3.1.15.2, or 3.2.13.2 respectively to receive the corresponding Security releases 5.7.17, 6.0.17, 6.1.15, and 6.2.11. These Security versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.5.0-M2.

See the 1.5.0-M2 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | Project Board

On behalf of the team and everyone who has contributed, it is my pleasure to announce the releases of Spring Authorization Server 1.5.0-M1, 1.4.2 and 1.3.5.

See the 1.5.0-M1, 1.4.2 and 1.3.5 release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | Project Board

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.4.

The 1.4 release contains a few noteworthy new features:

• Simplified configuring authorization server using HttpSecurity.with() (gh-1725)
• Support for OpenID Connect 1.0 prompt=none parameter (gh-501)
• Ability to customize validation of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1723)
• Ability to customize success handling of OpenID Connect 1.0 RP-Initiated Logout Requests (gh-1244)
• Added How-to guide demonstrating how to implement the core services with Redis
…